Arm Security Updates | Arm Compiler 5 stack protection

Sorry, your browser is not supported. We recommend upgrading your browser. We have done our best to make all the documentation and resources available on old versions of Internet Explorer, but vector image support and the layout may not be optimal. Technical documentation is available as a PDF Download.

JavaScript seems to be disabled in your browser.
You must have JavaScript enabled in your browser to utilize the functionality of this website.

Home

Support

Arm Security Updates

Arm Compiler 5 stack protection

In certain circumstances the stack protection feature can be rendered ineffective, leaving the protected function vulnerable to stack-based buffer overflows.

CVE	CVE-2020-24658
Date	24^th December 2020
Affects	Arm Compiler 5.01 to 5.06u6 inclusive, if code is compiled with the options: `armcc --protect_stack`, or `--protect_stack_all`.
Impact	An undetected stack overflow can lead to a function return address being overwritten, potentially causing a crash or hang or allowing an attacker to gain control over program execution.
Resolution	This issue is fixed in Arm Compiler 5.06u7. Users are recommended to upgrade if they are impacted by this issue.
Credit	Thanks to Nico Golde of Apple for reporting this vulnerability.

Was this page helpful?

Yes

Thank you! We appreciate your feedback.